The World Wide Web provides an incredible wealth of information, but at the same time it also carries a vast amount of malicious code (often termed “malware”). Web pages provide a platform from which attackers try to infect personal computers with viruses, Trojan horses and other malicious code. The vast majority of personal computer infections now come through Web-based malware. Web browsers provide an avenue for direct compromise of the user's machine. In many cases, all it takes is for the user to navigate to an infected Web site, and an exploit will automatically infect the user's machine. To date, tens of millions to possibly hundreds of millions of personal computers have been infected through Web-borne exploits, but there has been little progress in developing defenses against previously unknown attacks until the particular attack has been used, detected and analyzed.
Many Web sites are created just for the purpose of hosting malware. These largely consist of pornographic sites, gambling sites, or sites that capitalize on celebrity news or other hot search topics. Users are often educated to stay away from sites of this type because of the likelihood that such sites will infect their computers. The more insidious threat comes from legitimate Web sites that have themselves been hacked and on which the attackers have planted malicious code. There is no way of anticipating which of these sites have been hacked and therefore pose a security threat to visitors. News sites, on-line stores, government sites, and even computer security sites have all played the role of innocent host to the malicious code.
Malicious code is often obfuscated so that its malicious purpose is disguised. Defense against malicious code is often based on detection of known malicious code signatures. This type of defense breaks down quickly for two reasons: first, the signatures of malware are frequently changed to evade detection; and second, signatures do not yet exist for new attacks that have not been detected previously.
With the high likelihood of users being attacked via the Web, and the shortcomings of the current means for detection of incoming attacks, there exists a great and urgent need to insulate browsers from this malicious code without requiring the signatures of every known (and as yet unknown) attack type.